Total: 14524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19608 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the registeredList.cgi page. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
CVE-2019-19607 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attack due to insufficient input validation for the session parameter. A successful exploit could allow an attacker to extract sensitive information from the database and execute arbitrary scripts. | |||||
CVE-2019-19499 | 1 Grafana | 1 Grafana | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations. | |||||
CVE-2019-19292 | 1 Siemens | 2 Sinvr 3 Central Control Server, Sinvr 3 Video Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. | |||||
CVE-2019-19286 | 1 Siemens | 1 Xhq | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages. | |||||
CVE-2019-19250 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js. | |||||
CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | |||||
CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | |||||
CVE-2019-19113 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection. | |||||
CVE-2019-19094 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker to carry out SQL injection attacks against the backend database. | |||||
CVE-2019-19029 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
CVE-2019-19026 | 2 Linuxfoundation, Pivotal | 2 Harbor, Vmware Harbor Registry | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | |||||
CVE-2019-19016 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in TitanHQ WebTitan before 5.18. Some functions, such as /history-x.php, of the administration interface are vulnerable to SQL Injection through the results parameter. This could be used by an attacker to extract sensitive information from the appliance database. | |||||
CVE-2019-18890 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query. | |||||
CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | |||||
CVE-2019-18784 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. | |||||
CVE-2019-18663 | 1 Isl | 1 Arp-guard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in a /login/forgot1 POST request in ARP-GUARD 4.0.0-5 allows unauthenticated remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
CVE-2019-18662 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in YouPHPTube through 7.7. User input passed through the live_stream_code POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized (in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php) before being used to construct a SQL query. This can be exploited by malicious users to, e.g., read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the Live Chat plugin to be enabled. | |||||
CVE-2019-18646 | 1 Untangle | 1 Ng Firewall | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The Untangle NG firewall 14.2.0 is vulnerable to authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user. | |||||
CVE-2019-18622 | 3 Fedoraproject, Opensuse, Phpmyadmin | 4 Fedora, Backports Sle, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. |